CVE-2022-24860 Information
Description
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has a Use of Hard-coded Cryptographic Key vulnerability. An attacker can use the hard-coded key to generate login credentials for any user and log in to the service backend located at different IP addresses.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://user-images.githubusercontent.com/75008428/163742517-ecc1c787-1ef6-4df9-bdf2-407b2b31e111.png
https://github.com/vran-dev/databasir/blob/master/core/src/main/java/com/databasir/core/infrastructure/jwt/JwtTokens.java
https://user-images.githubusercontent.com/75008428/163742596-5c13153a-be8f-4ce3-9681-bc68b5f7e9c5.png
https://github.com/vran-dev/databasir/security/advisories/GHSA-9prp-5jc9-jpgg
https://user-images.githubusercontent.com/75008428/163742566-a69c91e8-db20-4058-8967-1cfe86facc6d.png
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.8
Base Severity
CRITICAL